Lucene search

PRIOn knowledge basePRION:CVE-2023-38770

HistoryAug 08, 2023 - 4:15 p.m.

Sql injection

2023-08-0816:15:00

PRIOn knowledge base

www.prio-n.com

sql injection

churchcrm

queryview.php

remote attacker

sensitive information

nvd

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.0%

JSON

SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the group parameter within the /QueryView.php.

CPENameOperatorVersion
churchcrmeq5.0.0

CPE	Name	Operator	Version
	churchcrm	eq	5.0.0

References

churchcrm.io/

demo.churchcrm.io/master

github.com/0x72303074/CVE-Disclosures

github.com/ChurchCRM/CRM/wiki